theforeman / smart_proxy_dns_dnsmasq

dnsmasq plugin for the Foreman smart-proxy
GNU General Public License v3.0

smart-proxy generated `address` entries do not result in correct resolution #4

Open cmeissner opened 4 years ago

cmeissner commented 4 years ago

We need to use dnsmasq as DNS and DHCP server. We set up dnsmasq as authoritative DNS server for a given zone:

# do not read resolv.conf
no-resolv

# do not read hosts
no-hosts

# upstream dns server
server=8.8.8.8
server=8.8.4.4

# authoritative dns server
auth-server=my.domain.tld,10.2.1.1

# our zones
auth-zone=my.domain.tld,10.2.1.1

# dhcp domains
domain=my.domain.tld

# soa config
auth-soa=202008168030,hostmaster.my.domain.tld,1200,120,604800

# slave nameserver
auth-sec-servers=ns1.domain.tld,ns2.domain.tld
auth-peer=10.1.1.1
auth-peer=10.1.1.2

# fixed host records
host-record=ns.my.domain.tld,10.2.1.1
host-record=my.domain.tld,10.2.1.1

Name resolution works for that

[root@centos8 ~]# dig my.domain.tld @localhost

; <<>> DiG 9.11.13-RedHat-9.11.13-5.el8_2 <<>> my.domain.tld @localhost
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32788
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;my.domain.tld.         IN  A

;; ANSWER SECTION:
my.domain.tld.      600 IN  A   10.2.1.1

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed Jul 15 22:23:56 UTC 2020
;; MSG SIZE  rcvd: 58
[root@centos8 ~]# host ns.my.domain.tld localhost
Using domain server:
Name: localhost
Address: 127.0.0.1#53
Aliases:

ns.my.domain.tld has address 10.2.1.1

If we now create a DNS record via the Foreman smart proxy, the entry is added to the configured file foreman.conf under /etc/dnsmasq.d. After that the new host can't be resolved.

[root@centos8 ~]# curl -d 'fqdn=foo.my.domain.tld&value=10.2.1.2&type=A' http://localhost:8000/dns/
[root@centos8 ~]# cat /etc/dnsmasq.d/foreman.conf
address=/foo.my.domain.tld/10.2.1.2
[root@centos8 ~]# host foo.my.domain.tld localhost
Using domain server:
Name: localhost
Address: 127.0.0.1#53
Aliases:

Host foo.my.domain.tld not found: 3(NXDOMAIN)
[root@centos8 ~]# host ns.my.domain.tld localhost
Using domain server:
Name: localhost
Address: 127.0.0.1#53
Aliases:

ns.my.domain.tld has address 10.2.1.1

If I change the address into host-record, the resolution works pretty well.

[root@centos8 ~]# cat /etc/dnsmasq.d/foreman.conf
host-record=foo.my.domain.tld,10.2.1.2
[root@centos8 ~]# host foo.my.domain.tld localhost
Using domain server:
Name: localhost
Address: 127.0.0.1#53
Aliases:

foo.my.domain.tld has address 10.2.1.2

Is it intended that address records are generated, or is it a failure? Maybe this can be configured, but it's not written in the example configuration.

ananace commented 4 years ago

The issue with using host-record is that it will "create" A, AAAA, PTR4, and PTR6 records all at the same time, which is something that upstream software may not expect - Foreman for instance expects them to be separate records for both creation, updating, and removal. (And in fact expects to be able to put PTRs on a separate DNS from the regular A/AAAA records as well.)

I don't particularly want to create some kind of internal reference counter for handling those cases, but if address is broken for some reason then a new solution might be necessary.

Before that though, could you check which version of dnsmasq you're running? Just in case it's a version-specific issue.
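
The following is an added example, not code from smart_proxy_dns_dnsmasq or from either commenter. It models the two points raised above in Ruby (the plugin's language): which directive form the dnsmasq 2.79 setup in the first comment actually answered from inside the auth-zone, and how many resource records each form implies, which is the coupling ananace describes for host-record. The config text, the names under example.test and the in-zone/out-of-zone rule are constructed from the behaviour reported in this thread; they are assumptions about this setup, not a guarantee taken from the dnsmasq documentation. It also shows a caveat a practitioner should keep in mind when switching forms: `address=/name/ip` matches name and every label below it, while `host-record=` is an exact match.

```ruby
require 'ipaddr'

# Constructed sample in the forms seen in this issue (not a real config file).
SAMPLE_CONF = <<~CONF
  # authoritative zone, as in the issue
  auth-zone=my.domain.tld,10.2.1.1
  host-record=ns.my.domain.tld,10.2.1.1
  host-record=my.domain.tld,10.2.1.1
  # what the smart-proxy wrote to /etc/dnsmasq.d/foreman.conf
  address=/foo.my.domain.tld/10.2.1.2
  # hosts outside the auth zone, one in each form (constructed)
  address=/lab.example.test/192.0.2.10
  host-record=db.example.test,192.0.2.20
CONF

Record = Struct.new(:form, :name, :ip)

# Parse only the directives this example cares about; everything else is ignored.
def parse_conf(text)
  zones = []
  records = []
  text.each_line do |raw|
    line = raw.strip
    next if line.empty? || line.start_with?('#')
    key, _, val = line.partition('=')
    case key
    when 'auth-zone'
      zones << val.split(',').first.downcase
    when 'address'
      # address=/<domain>/<ip>: matches <domain> and every name below it
      _, name, ip = val.split('/')
      records << Record.new(:address, name.downcase, ip)
    when 'host-record'
      # host-record=<name>,<ip>: exact name; dnsmasq derives forward and PTR from it
      name, ip = val.split(',')
      records << Record.new(:host_record, name.downcase, ip)
    end
  end
  [zones, records]
end

def in_zone?(zones, qname)
  zones.any? { |z| qname == z || qname.end_with?(".#{z}") }
end

# dnsmasq address= semantics: the name itself plus all subdomains.
def address_match?(rec, qname)
  qname == rec.name || qname.end_with?(".#{rec.name}")
end

# Answer an A query the way the setup in this issue behaved: names inside an
# auth-zone are served from zone data only (host-record here), address= entries
# are only consulted outside the zone. ASSUMPTION: this models the observed
# dnsmasq 2.79 behaviour, it is not a rule taken from the dnsmasq documentation.
def resolve_a(conf_text, qname)
  zones, records = parse_conf(conf_text)
  q = qname.downcase.chomp('.')
  candidates = records.select { |r| IPAddr.new(r.ip).ipv4? }
  hit =
    if in_zone?(zones, q)
      candidates.find { |r| r.form == :host_record && r.name == q }
    else
      candidates.find do |r|
        (r.form == :host_record && r.name == q) ||
          (r.form == :address && address_match?(r, q))
      end
    end
  hit ? hit.ip : :NXDOMAIN
end

# Resource records one directive implies. host-record yields the forward record
# and the PTR together (the coupling Foreman does not expect); address= yields
# only the forward record for the IP family given.
def implied_rrtypes(rec)
  forward = IPAddr.new(rec.ip).ipv4? ? :A : :AAAA
  rec.form == :host_record ? [forward, :PTR] : [forward]
end

if __FILE__ == $PROGRAM_NAME
  %w[ns.my.domain.tld foo.my.domain.tld lab.example.test x.lab.example.test].each do |n|
    puts "#{n} -> #{resolve_a(SAMPLE_CONF, n)}"
  end
end
```

Running it reproduces the NXDOMAIN for foo.my.domain.tld and the successful answer once the same line is rewritten as host-record; the out-of-zone names show why a blind address-to-host-record swap is not a pure fix either, since x.lab.example.test resolves under address= but would not under host-record.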

cmeissner commented 4 years ago

Before that though, could you check which version of dnsmasq you're running? Just in case it's a version-specific issue.

[root@centos8 ~]# dnsmasq -v
Dnsmasq version 2.79  Copyright (c) 2000-2018 Simon Kelley
Compile time options: IPv6 GNU-getopt DBus no-i18n IDN2 DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth DNSSEC loop-detect inotify

This software comes with ABSOLUTELY NO WARRANTY.
Dnsmasq is free software, and you are welcome to redistribute it
under the terms of the GNU General Public License, version 2 or 3.